This is an OpenSSL feature, not JSSE. We'll be implementing it in
an upcoming release. Probably it will be in 4.0.44, as .43 is due
for release soon.

Thanks,
Paul
On Dec 5, 2012, at 8:13 AM, Aaron Freeman wrote:
Knut,

Thanks a bunch for your reply. I saw you referencing another email
you sent, but this is the only one I saw come through the group.

At any rate, we are already using the cipher-suites feature, but in
this case that's not enough. They are telling us that we actually
have to be able to prioritize the order that the suites are
negotiated on the server side. The only cipher suites guaranteed
not to have the BEAST attack issue are ones that aren't wide-spread
yet (TLSv1.1) however if we can put TLSv1.0 in a specific order that
will suffice for PCI compliance.